- GNU PG
- Overview
- Create a new Public and Private key pair
- Creating a detached ascii signature
- Verifying a detached signature
- Exporting keys
- Importing keys
- Display Fingerprint
- Signing a key
- Trusting a key
- Updating the expiration date
- Specifying an alternate location for the keyrings
- Linux GUI Front-Ends for GnuPG
- Windows Usage
- Resources
GNU PG
Overview
Hints and tips for using the GPG encryption and signing tool from the GnuPG system.
Create a new Public and Private key pair
- gpg --gen-key
Specify a different directory for creating the keyrings
- gpg --homedir /home/xxx --gen-key
Creating a detached ascii signature
- gpg --sign --detach-sign --armor file_to_be_signed
or
- gpg -s -b -a file_to_be_signed
Signature Compatible with PGP
See http://www.gnupg.org/documentation/faqs.en.html#q5.1
- gpg --sign --detach-sign --armor --compress-algo 1 --cipher-algo cast5 file_to_be_signed
or
- gpg --sign --detach-sign --armor --compress-algo 1 --cipher-algo 3des file_to_be_signed
Verifying a detached signature
- gpg --verify signature_file signed_file
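`gpg --verify` exits successfully for a good signature from any key in the keyring, so a script that must accept only one signer also has to check which key made the signature. The following added example (not part of the original page) does that in shell by reading gpg's `--status-fd` output and comparing the `VALIDSIG` fingerprint with a pinned one, as displayed by `gpg --fingerprint`; the function names, fingerprints and status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Accept a signature only when gpg's machine-readable status
# output shows it was made by ONE pinned key. Usage (file names from the page):
#   gpg --status-fd 1 --verify signature_file signed_file 2>/dev/null |
#       check_pinned_sig "$PINNED"

# Strip whitespace and upper-case, so a fingerprint copied from
# `gpg --fingerprint` output ("1111 2222 ...") can be compared.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'abcdef' 'ABCDEF'
}

# check_pinned_sig EXPECTED_FPR, with gpg status lines on stdin.
# Returns 0 only if a VALIDSIG line names the pinned primary key and no line
# reports a bad, unverifiable, expired or revoked signature or key.
check_pinned_sig() {
    want=$(normalize_fpr "$1")
    [ -n "$want" ] || return 2
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" {
            # $3 is the signing (sub)key; $12, when present, is the primary key.
            fpr = (NF >= 12) ? $12 : $3
            if (toupper(fpr) == want) ok = 1
        }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# Constructed sample data below: fingerprints and status lines are made up.
PINNED='1111 2222 3333 4444 5555  6666 7777 8888 9999 AAAA'
SUBKEY=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
OTHER=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC

sample_good() {       # good signature by a subkey of the pinned key
    echo "[GNUPG:] GOODSIG BBBBBBBBBBBBBBBB Constructed User <user@example.org>"
    echo "[GNUPG:] VALIDSIG $SUBKEY 2024-01-01 1704067200 0 4 0 1 8 00 $(normalize_fpr "$PINNED")"
}
sample_other_key() {  # equally good signature, but by some other keyring key
    echo "[GNUPG:] GOODSIG CCCCCCCCCCCCCCCC Someone Else <else@example.org>"
    echo "[GNUPG:] VALIDSIG $OTHER 2024-01-01 1704067200 0 4 0 1 8 00 $OTHER"
}
sample_bad() {        # file was modified after signing
    echo "[GNUPG:] BADSIG BBBBBBBBBBBBBBBB Constructed User <user@example.org>"
}
```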
Exporting keys
These options allow you to transfer public and private keys to another machine. You can also export your trust database, and you may want to transfer your .gnupg/options or .gnupg/gpg.conf file as well.
Export all public keys
- gpg --export --armor > my_public_keys
Export specific public key
- gpg --export --armor my.name@domain.tld > my_public_key
Export all private keys
- gpg --export-secret-keys --armor > my_secret_keys
Export trust ownership
- gpg --export-ownertrust --armor > my_owner_trust
Importing keys
Importing public keys
- gpg --import my_public_keys
Importing private keys
- gpg --import --allow-secret-key-import my_secret_keys
Importing owner trust relationships
- gpg --import-ownertrust my_owner_trust
Importing a key from a downloaded KEY file
- gpg --import KEY_FILE_NAME
Importing a key from a public server
Imports the specified key from the specified public key server and adds it to your keyring.
- gpg --keyserver wwwkeys.pgp.net --recv-keys 0x5072E1F5
Display Fingerprint
- gpg --fingerprint user.name
Signing a key
- gpg --edit-key KEYNAME
- sign
- quit
Trusting a key
You need to sign the key first; see "Signing a key" above.
- gpg --edit-key KEYNAME
- trust
- 4
- quit
Updating the expiration date
- gpg --edit-key YOUR_KEY
- expire
Enter the period to extend the expiration date by, e.g. 1y
Then select the subkey and extend that too:
- key 1
- expire
- 1y
- quit
Specifying an alternate location for the keyrings
- gpg --keyring=/somewhere/else/pubring.gpg --secret-keyring=/somewhere/else/secring.gpg encrypted.gpg
Linux GUI Front-Ends for GnuPG
- Seahorse
- GPG-Crypter
- Gnu Privacy Assistant (Apparently work in progress as at 16-Sep-2007)
Windows Usage
See http://www.glump.net/dokuwiki/gpg/gpg_intro
Resources
-- Frank Dean - 26 Sep 2004